authors:Fabio Pasqualetti, Florian DÖrFler,and Francesco bullo
CPS广泛存在于现代社会的各个领域,如:能源生产、医疗和通信。CPS的例子有:传感器网络、工业自动化系统以及重要的基础设施(交通网络、电力生产和分配网、水与天然气分配网络和先进制造业)。在生产中结合信息技术可以提高系统的效率,同时,也增加了系统的脆弱性,降低了关键设施的可靠性。
具体例子有: 2000年3月Maroochy water breach[1],巴西多起停电事故[2],2003年1月Davis-Besse 核电站的SQL Slammer蠕虫攻击[3],2010年6月StuxNet 计算机蠕虫[4],以及各种工业安全事件[5]。CPS系统侧重于物理设施的故障和攻击,cyberattack侧重于管理层和通信层的攻击[6,7]
对系统安全性的考虑不是个新问题,很多文献研究了系统故障检测、隔离和恢复测试问题[8][9].关于故障容忍控制的文章考虑一般或偶然的故障,但是,CPS系统的脆弱性和传统系统不同,必须研究合适的检测和鉴别技术。例如,CPS系统传输网络的可靠性和传输测量和控制数据包的标准通信协议增加了 针对物理系统的故意和不可预测攻击的可能性。 另一方面,信息安全方法只能保证安全通信和代码执行,对于物理系统而言,可能不够。事实上,安全方法如:授权、权限控制和消息完整性 不能保证测量和数据与底层运行和控制结构兼容,并且,对zero-day攻击[10]或由对控制平台、执行器和传感器有权限的实体从内部进行的攻击而言无效[1]。为保护一个CPS系统,必须有一个结合信息安全机制与系统监视理论和安全方法的整体性方法。
StexNet攻击是以物理系统为攻击对象的信息攻击的典型案例[4]。2010年6月,一个精心设计的计算机蠕虫病毒注入到伊朗的一个核浓缩电厂的控制系统中。这种通过标准USB硬件传播的蠕虫,劫持离心机的测量数据,显示在正常运行状态,同时,修改离心机的执行信号,使他们失控。这种攻击不在信息保护机制之内,同时改变了测量和执行信号,造成实际系统的不稳定以致损坏。这个案例证明了CPS系统独特的脆弱性,增加了对 研究综合信息和物理保护方法的整体性方法以保证CPS安全的迫切性。
近年来,在外部攻击下CPS系统的脆弱性分析得到了日益增长的关注。一般的方法研究 针对特定系统的特定攻击。例如:[11]中定义了网络化系统中的 欺骗和拒绝服务攻击(Dos),对于后者,提出了基于半定规划的对策。欺骗攻击 危及控制或测量数据包的完整性,同时改变传感器和执行器的动作。Dos攻击,危及资源的可用性,如堵塞通信信道。
[12]中介绍了在静态状态估计器中注入错误数据的攻击。错误数据攻击是针对静态估计器的特定欺骗攻击。结果显示,资源有限时,也能设计不可检测的错误数据注入攻击。
[13]中,研究了针对监督控制和数据获取系统的偷偷欺骗攻击。
[14]-[16]中,研究了legacy系统和remedial scheme中的 偷偷攻击。
[17][18]中,讨论了控制系统的重放攻击。重放攻击劫持传感器,记录一段时间的读数,在向系统注入其他数据时,重复记录好的读数。有文章显示可通过注入攻击者无法预知的随机信号,检测出攻击。
[19]中研究了针对控制系统的欺骗攻击。特别的,一个参数化的解耦结构,可以保证一个欺骗单元,在改变物理系统行为的同时,不被初始控制器检测到。
[20]中研究了控制数据包被人类对手劫持的弹性控制问题,提出利用一个滚动时域 Stackelberg 控制律保证攻击情形下的系统稳定。近来,测量被劫持的线性系统的状态估计问题正在被大量研究。更详细的,容忍的最大故障传感器数目被提出。也提出了一种解码算法检测被劫持的测量。
特定CPS系统的安全性问题得到了众多关注。例如:电力系统[22]-[27],有故障元件的线性网络[28]-[30],以及水网[31]-[33]。
参考文献:
[1] J. Slay and M. Miller, “Lessons learned from the Maroochy water
breach,” in Proc. Critical Infrastructure Protection, 2007, vol. 253, pp. 73–82.
[2] J. P. Conti, “The day the samba stopped,” Eng. Technol., vol. 5, no. 4, pp.
46–47, Mar. 06–26, 2010.
[3] S. Kuvshinkova, “SQL Slammer worm lessons learned for consideration
by the electricity sector,” North Amer. Elec. Reliab. Council, Atlanta, GA,
Tech. Rep., 2003.
[4] J. P. Farwell and R. Rohozinski, “Stuxnet and the future of cyber war,”
Survival, vol. 53, no. 1, pp. 23–40, 2011.
[5] G. Richards, “Hackers vs slackers,” Eng. Technol., vol. 3, no. 19, pp. 40–43, 2008.
[6] A. R. Metke and R. L. Ekl, “Security technology for smart grid networks,” IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 99–107, 2010.
[7] A. A. Cárdenas, S. Amin, and S. S. Sastry, “Research challenges for the
security of control systems,” in Proc. 3rd Conf. Hot Topics Security, Berkeley,
CA, 2008, pp. 6:1–6:6.
[8] M.-A. Massoumnia, G. C. Verghese, and A. S. Willsky, “Failure detection
and identification,” IEEE Trans. Autom. Contr., vol. 34, no. 3, pp. 316–321, 1989.
[9] M. Basseville and I. V. Nikiforov, Detection of Abrupt Changes: Theory and
Application. Englewood Cliffs, NJ: Prentice-Hall, 1993.
[10] R. Axelrod and R. Iliev, “Timing of cyber conflict,” Proc. Natl. Acad. Sci.,
vol. 111, no. 4, pp. 1298–1303, 2014.
[11] S. Amin, A. Cárdenas, and S. Sastry, “Safe and secure networked control systems under denial-of-service attacks,” in Proc. Hybrid Systems: Computation Control, Apr. 2009, vol. 5469, pp. 31–45.
[12] Y. Liu, M. K. Reiter, and P. Ning, “False data injection attacks against
state estimation in electric power grids,” in Proc. ACM Conf. Computer Communications Security, Chicago, IL, Nov. 2009, pp. 21–32.
[13] A. Teixeira, S. Amin, H. Sandberg, K. H. Johansson, and S. Sastry, “Cyber security analysis of state estimators in electric power systems,” in Proc.
IEEE Conf. Decision Control, Atlanta, GA, Dec. 2010, pp. 5991–5998.
[14] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealing
stealthy attacks in control systems,” in Proc. Allerton Conf. Communications,
Control Computing, Oct. 2012, pp. 1806–1813.
[15] S. D. Bopardikar and A. Speranzon, “On analysis and design of stealthresilient control systems,” in Proc. Int. Symp. Resilient Control Systems, San
Francisco, CA, Aug. 2013, pp. 48–53.
[16] J. Y. Keller and D. Sauter, “Monitoring of stealthy attack in networked
control systems,” in Proc. Conf. Control Fault-Tolerant Systems, Nice, France,
Oct. 2013, pp. 462–467.
[17] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in Proc.
Allerton Conf. Communications, Control Computing, Monticello, IL, Sept. 2010,
pp. 911–918.
[18] Y. Mo, T.-H. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, “Cyber-physical security of a smart grid infrastructure,” Proc. IEEE,
vol. 100, no. 1, pp. 195–209, 2012.
[19] R. Smith, “A decoupled feedback structure for covertly appropriating
network control systems,” in Proc. Int. Federation Automatic Control World
Congr., Milan, Italy, Aug. 2011, pp. 90–95.
[20] M. Zhu and S. Martínez, “Stackelberg-game analysis of correlated attacks in cyber-physical systems,” in Proc. American Control Conf., San Francisco, CA, July 2011, pp. 4063–4068.
[21] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control
for cyber-physical systems under adversarial attacks,” IEEE Trans. Autom.
Contr., vol. 59, no. 6, pp. 1454–1467, 2014.
[22] C. L. De Marco, J. V. Sariashkar, and F. Alvarado, “The potential for malicious control in a competitive power systems environment,” in Proc. IEEE
Int. Conf. Control Applications, Dearborn, MI, 1996, pp. 462–467.
[23] G. Dan and H. Sandberg, “Stealth attacks and protection schemes for
state estimators in power systems,” in Proc. IEEE Int. Conf. Smart Grid Communications, Gaithersburg, MD, Oct. 2010, pp. 214–219.
[24] F. Pasqualetti, F. Dörfler, and F. Bullo, “Cyber-physical attacks in power
networks: Models, fundamental limitations and monitor design,” in Proc.
IEEE Conf. Decision Control European Control Conf., Orlando, FL, Dec. 2011,
pp. 2195–2201.
[25] A.-H. Mohsenian-Rad and A. Leon-Garcia, “Distributed internet-based
load altering attacks against smart power grids,” IEEE Trans. Smart Grid,
vol. 2, no. 4, pp. 667–674, 2011.
[26] S. Sridhar, A. Hahn, and M. Govindarasu, “Cyber–physical system security for the electric power grid,” Proc. IEEE, vol. 99, no. 1, pp. 1–15, 2012.
[27] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K.
Poolla, “Smart grid data integrity attacks: Characterizations and countermeasures,” in Proc. IEEE Int. Conf. Smart Grid Communications, Brussels, Belgium, 2011, pp. 232–237.
[28] S. Sundaram and C. Hadjicostis, “Distributed function calculation via
linear iterative strategies in the presence of malicious agents,” IEEE Trans.
Autom. Contr., vol. 56, no. 7, pp. 1495–1508, 2011.
[29] F. Pasqualetti, A. Bicchi, and F. Bullo, “Consensus computation in unreliable networks: A system theoretic approach,” IEEE Trans. Autom. Contr.,
vol. 57, no. 1, pp. 90–104, 2012.
[30] M. Zhu and S. Martínez, “On distributed convex optimization under
inequality and equality constraints,” IEEE Trans. Autom. Contr., vol. 57, no.
1, pp. 151–164, 2012.
[31] S. Amin, X. Litrico, S. S. Sastry, and A. M. Bayen, “Stealthy deception
attacks on water SCADA systems,” in Proc. Hybrid Systems: Computation
Control, Stockholm, Sweden, Apr. 2010, pp. 161–170.
[32] D. G. Eliades and M. M. Polycarpou, “A fault diagnosis and security
framework for water systems,” IEEE Trans. Control Syst. Technol., vol. 18, no.
6, pp. 1254–1265, 2010.
[33] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson. (2012). A secure control framework for resource-limited adversaries. [Online]. Available: http://arxiv.org/abs/1212.0226
[34] F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Trans. Autom. Contr., vol. 58, no. 11,
pp. 2715–2729, 2013.
[35] T. Geerts, “Invariant subspaces and invertibility properties for singular
systems: The general case,” Linear Algebra Applicat., vol. 183, pp. 61–88, Apr.
1993.
[36] A. Abur and A. G. Exposito, Power System State Estimation: Theory and
Implementation. Boca Raton, FL: CRC Press, 2004.
[37] E. Scholtz, “Observer-based monitors and distributed wave controllers for
electromechanical disturbances in power systems,” Ph.D. dissertation, Dept.
Electr. Eng. Comput. Sci., Massachusetts Inst. Technol., Cambridge, MA, 2004.
[38] G. Basile and G. Marro, Controlled and Conditioned Invariants in Linear
System Theory. Englewood Cliffs, NJ: Prentice-Hall, 1991.
[39] W. M. Wonham, Linear Multivariable Control: A Geometric Approach, 3rd
ed. Berlin Heidelberg, Germany: Springer-Verlag, 1985.
[40] K. Zhou, J. C. Doyle, and K. Glover, Robust and Optimal Control. Englewood Cliffs, NJ: Prentice-Hall, 1996.
[41] J. M. Dion, C. Commault, and J. van der Woude, “Generic properties
and control of linear structured systems: A survey,” Automatica, vol. 39, no.
7, pp. 1125–1144, 2003.
[42] K. J. Reinschke, Multivariable Control: A Graph-Theoretic Approach. Berlin
Heidelberg, Germany: Springer-Verlag, 1988.
[43] F. Pasqualetti, F. Dörfler, and F. Bullo, “Cyber-physical security via
geometric control: Distributed monitoring and malicious attacks,” in Proc.
IEEE Conf. Decision Control, Maui, HI, Dec. 2012, pp. 3418–3425.
[44] F. Dörfler, F. Pasqualetti, and F. Bullo, “Continuous-time distributed
observers with discrete communication,” IEEE J. Sel. Topics Signal Processing, vol. 7, no. 2, pp. 296–304, 2013.
[45] D. J. Trudnowski, J. R. Smith, T. A. Short, and D. A. Pierre, “An application of Prony methods in PSS design for multimachine systems,” IEEE
Trans. Power Syst., vol. 6, no. 1, pp. 118–126, 1991.
[46] M. A. Hanley, “Frequency instability problems in North American interconnections,” Dept. Energy, Tech. Rep. DOE/NETL-2011/1473, June 2011.
[47] F. Pasqualetti, A. Bicchi, and F. Bullo, “A graph-theoretical characterization of power network vulnerabilities,” in Proc. American Control Conf.,
San Francisco, CA, June 2011, pp. 3918–3923.
[48] A. Osiadacz, Simulation and Analysis of Gas Networks. Houston, TX: Gulf
Publishing Co., 1987.
[49] A. Kumar and P. Daoutidis, Control of Nonlinear Differential Algebraic
Equation Systems. Boca Raton, FL: CRC Press, 1999.
[50] X. Litrico and V. Fromion, Modeling and Control of Hydrosystems. Berlin
Heidelberg, Germany: Springer-Verlag, 2009.
[51] J. Burgschweiger, B. Gnädig, and M. C. Steinbach, “Optimization models for operative planning in drinking water networks,” Optim. Eng., vol. 10,
no. 1, pp. 43–73, 2009.
[52] P. F. Boulos, K. E. Lansey, and B. W. Karney, Comprehensive Water Distribution Systems Analysis Handbook for Engineers and Planners. Denver, CO:
Amer. Water Works Assoc., 2006.
[53] L. A. Rossman, “EPANET 2, water distribution system modeling software,” U.S. Environ. Protection Agency, Water Supply and Water Resources
Div., Tech. Rep., 2000.
[54] Y. Mo and B. Sinopoli, “False data injection attacks in control systems,”
in Proc. 1st Workshop Secure Control Systems, Stockholm, Sweden, Apr. 2010.
[55] H. L. Trentelman, A. Stoorvogel, and M. Hautus, Control Theory for Linear Systems. Berlin Heidelberg, Germany: Springer-Verlag, 2001.
[56] F. L. Lewis, “A tutorial on the geometric analysis of linear time-invariant implicit systems,” Automatica, vol. 28, no. 1, pp. 119–137, 1992.
[57] C. D. Godsil and G. F. Royle, Algebraic Graph Theory (Graduate Texts in
Mathematics, vol. 207). Berlin Heidelberg, Germany: Springer-Verlag, 2001.
扫一扫
94
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
